<?php
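// Verify that every uploaded file is an image with an allowed extension.
// begin Dave B's Q&D file upload security code
  // Extension allow-list plus the image types the file content must decode as.
  // The file name is supplied by the client, so the extension on its own says
  // nothing about what the file actually contains.
  $allowedExtensions = array("jpg","jpeg","gif","png");
  $allowedImageTypes = array(IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG);
  foreach ($_FILES as $file) {
    // A field posted as name[] carries arrays, a plain field carries scalars.
    // Casting lets one loop handle both shapes and any number of files, not
    // only indexes 0 and 1.
    $names = isset($file['name']) ? (array) $file['name'] : array();
    $tmpNames = isset($file['tmp_name']) ? (array) $file['tmp_name'] : array();
    foreach ($tmpNames as $index => $tmpName) {
      if (!is_string($tmpName)) {
        // Nested upload arrays are not a shape this form produces.
        die('Invalid upload.');
      }
      if ($tmpName === '') {
        continue; // empty slot: nothing was uploaded for this input
      }
      $name = (isset($names[$index]) && is_string($names[$index])) ? $names[$index] : '';
      // pathinfo() replaces end(explode()), which handed a temporary value to
      // a by-reference parameter.
      $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
      // Only inspect genuine upload temp files; element 2 of the
      // getimagesize() result is the detected IMAGETYPE_* constant.
      $imageInfo = is_uploaded_file($tmpName) ? getimagesize($tmpName) : false;
      $extensionOk = in_array($extension, $allowedExtensions, true);
      $contentOk = is_array($imageInfo) && in_array($imageInfo[2], $allowedImageTypes, true);
      if (!$extensionOk || !$contentOk) {
        // The name is echoed into HTML, so it is escaped first.
        die(htmlspecialchars($name, ENT_QUOTES, 'UTF-8').' is an invalid file type!<br/>'.
          '<a href="javascript:history.go(-1);">'.
          '&lt;&lt; Go Back</a>');
      }
    }
  }
  // The accepted files keep their client-chosen extension when stored, so the
  // upload directories should also be configured never to execute scripts.
  // end Dave B's Q&D file upload security code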
  require $_SERVER["DOCUMENT_ROOT"] . "/aonce_connect.php";

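// NOTE(review): no authentication or CSRF check is visible in this file;
// confirm that aonce_connect.php (or the web server) enforces one.

// Id of the exposition being edited. GET takes priority over POST; a missing
// or empty value means "create a new exposition".
$expo = isset($_GET["expo"]) ? $_GET["expo"] : NULL;
if ($expo === NULL || $expo === "") {
	$expo = isset($_POST["expo"]) ? $_POST["expo"] : NULL;
}
$is_new = ($expo === NULL || $expo === "");
if (!$is_new) {
	// The id ends up in SQL and in the redirect script below, so only a plain
	// run of digits is accepted.
	if (!is_string($expo) || !preg_match('/^[0-9]{1,18}$/D', $expo)) {
		die("Invalid exposition id.");
	}
	$expo = (int) $expo;
}

/*
 * Map the form fields to the values stored in the database.
 * Values are still stored HTML-encoded, as before, so pages that print them
 * keep working. That encoding is not what protects the SQL: every value is
 * passed as a bound parameter further down.
 */
$form = array();
foreach (array("tituloexpo", "dgen", "artistas", "finicio", "ffin", "titulo", "year", "material", "medidas") as $key) {
	$form[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? htmlentities($_POST[$key]) : "";
}

// Exposition data
$titulo = $form["tituloexpo"];
$datos = $form["dgen"];
$texto = $form["artistas"];

// Empty dates are stored as SQL NULL; binding a PHP null does exactly that.
$fechai = ($form["finicio"] !== "") ? $form["finicio"] : NULL;
$fechaf = ($form["ffin"] !== "") ? $form["ffin"] : NULL;

// Item data
$titule = $form["titulo"];
$year = $form["year"];
$material = $form["material"];
$medidas = $form["medidas"];

/*
 * Uploaded file names. They come from the client, so before the name is
 * stored or used in a path it is cut down to its base name and restricted to
 * a conservative character set.
 */
$upload = isset($_FILES['uploadedfile']) ? $_FILES['uploadedfile'] : array();
$names = (isset($upload['name']) && is_array($upload['name'])) ? $upload['name'] : array();
$tmp_names = (isset($upload['tmp_name']) && is_array($upload['tmp_name'])) ? $upload['tmp_name'] : array();
$raw_name = (isset($names[0]) && is_string($names[0])) ? $names[0] : "";
$thumb_label = (isset($names[1]) && is_string($names[1])) ? basename($names[1]) : "";
$foto_name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($raw_name));

/*
 * Connect and run the statements.
 * NOTE(review): prepare()/bind_param() assume conecta() returns a mysqli
 * connection, as the existing insert_id / close() usage suggests; confirm in
 * aonce_connect.php.
 */
$link = conecta();
// Make mysqli throw on failure so a failed statement stops the script instead
// of being ignored. Set after conecta() so its own error handling is untouched.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
	if ($is_new) {
		// Create the exposition
		$stmt = $link->prepare("INSERT INTO expo (nombreexpo, artistasexpo, textoexpo, fotoexpo, inicioexpo, finexpo) VALUES (?, ?, ?, ?, ?, ?)");
		$stmt->bind_param("ssssss", $titulo, $texto, $datos, $foto_name, $fechai, $fechaf);
		$stmt->execute();
		$expo = (int) $stmt->insert_id;
		$stmt->close();
	} else {
		// Update the existing exposition
		$stmt = $link->prepare("UPDATE expo SET nombreexpo = ?, artistasexpo = ?, textoexpo = ?, inicioexpo = ?, finexpo = ? WHERE idexpo = ?");
		$stmt->bind_param("sssssi", $titulo, $texto, $datos, $fechai, $fechaf, $expo);
		$stmt->execute();
		$stmt->close();
	}

	// The original prefixed the stored name with "<expo>_" only for a newly
	// created exposition; for an existing one it interpolated ${expo_}, an
	// undefined variable, which yields no prefix. Both outcomes are kept so
	// stored names do not change.
	// NOTE(review): the file on disk never carries the "<expo>_" prefix, so
	// rows created together with a new exposition do not match the file name;
	// confirm against the pages that read fotoexpo.
	$pic_name = ($is_new ? $expo . "_" : "") . $foto_name;

	// Create the exposition item
	$stmt = $link->prepare("INSERT INTO picsexpo (titulopicsexpo, yearpicsexpo, materialexpo, medidasexpo, fotoexpo, expo) VALUES (?, ?, ?, ?, ?, ?)");
	$stmt->bind_param("sssssi", $titule, $year, $material, $medidas, $pic_name, $expo);
	$stmt->execute();
	$foto_id = (int) $stmt->insert_id;
	$stmt->close();

	// The item id is only known after the insert, so the "e<id>_" prefix is
	// added in a second step; the exposition then takes the same photo name.
	$final_name = "e{$foto_id}_" . $pic_name;
	$stmt = $link->prepare("UPDATE picsexpo SET fotoexpo = ? WHERE idpicsexpo = ?");
	$stmt->bind_param("si", $final_name, $foto_id);
	$stmt->execute();
	$stmt->close();

	$stmt = $link->prepare("UPDATE expo SET fotoexpo = ? WHERE idexpo = ?");
	$stmt->bind_param("si", $final_name, $expo);
	$stmt->execute();
	$stmt->close();
} catch (mysqli_sql_exception $e) {
	// Details go to the server log only; the visitor gets a generic message.
	error_log("expo upload: " . $e->getMessage());
	$link->close();
	die("There was a database error, please try again!<br />\n");
}
$link->close();

// $parent_dir is not defined in this part of the file; presumably it comes
// from aonce_connect.php.
$disk_name = "e{$foto_id}_" . $foto_name;
$foto_path = $_SERVER["DOCUMENT_ROOT"] . $parent_dir . "/uploads/" . $disk_name;
$thumb_path = $_SERVER["DOCUMENT_ROOT"] . $parent_dir . "/thumbs/" . $disk_name;

// Index 0 is the full-size picture and index 1 the thumbnail; both are saved
// under the same name in different directories. Names are escaped before
// they are echoed back into the page.
$foto_tmp = (isset($tmp_names[0]) && is_string($tmp_names[0])) ? $tmp_names[0] : "";
$thumb_tmp = (isset($tmp_names[1]) && is_string($tmp_names[1])) ? $tmp_names[1] : "";

if ($foto_tmp !== "" && move_uploaded_file($foto_tmp, $foto_path)) {
    echo "The file ".  htmlspecialchars(basename($raw_name), ENT_QUOTES, 'UTF-8').
    " has been uploaded. <br />\n";
} else{
    echo "There was an error uploading the file, please try again!<br />\n";
}
if ($thumb_tmp !== "" && move_uploaded_file($thumb_tmp, $thumb_path)) {
    echo "The file ".  htmlspecialchars($thumb_label, ENT_QUOTES, 'UTF-8').
    " has been uploaded. <br />\n";
} else{
    echo "There was an error uploading the file, please try again!<br />\n";
}

// $expo is an integer at this point, so %d cannot inject anything into the script.
printf("<script language=\"javascript\">\ndocument.location=\"nuevaExposicion.php?expo=%d\";\n</script>", $expo);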
?>
